ServiceNow logo
ServiceNow

ServiceNow provides cloud-based services that automate enterprise information technology operations. As an employer, ServiceNow offers a challenging, collaborat

Senior Staff Product Security Engineer | Product Security Incident Response Team (PSIRT)

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 29,000Since 2004Company Site

Location

Washington

Posted

1 day ago

Salary

$201.3K - $352.3K / year

Seniority

Senior

English

Job Description

Senior Staff Product Security Engineer | Product Security Incident Response Team (PSIRT)

ServiceNow

Company Description It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone-freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow- helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started. Join us to put AI to work for people. Job Description The ServiceNow Security Organization (SSO) The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact About the role ServiceNow seeks a senior staff-level product security engineer to serve as a senior technical authority within the Product Security Incident Response Team (PSIRT). PSIRT is ServiceNow's awareness, response, and investigation capability for post-release vulnerabilities in ServiceNow-developed products and service offerings. This role is for a recognized expert who can operate independently and as part of a team on the most significant security issues facing the platform-vulnerabilities that require evaluating intangibles. You will lead deep-dive investigations, coordinate resolution across engineering, product, and release teams, and demonstrate calm, decisive leadership during significant security events. This is a role for someone who already understands product development cycles and the engineering and product relationships that drive them-and will use that fluency to lead fixes to completion under incident pressure. You will help shape how ServiceNow responds to product security vulnerabilities at scale and the technical rigor of the entire response capability. Key Responsibilities Lead Through Significant Security Events - Provide additional response coverage outside of normal working hours for significant product vulnerabilities as they emerge. - Demonstrate technical and organizational leadership during these events-bringing structure and clear decision-making under pressure. - Partner with incident commanders, business information security leadership, engineering, and customer-facing teams to maintain clear ownership, workstream prioritization, and hand-offs during these events. Reduce Exposure Window - Drive coordinated response across affected releases, balancing risk and remediation feasibility. - Leverage an understanding of product development cycles and engineering/product partnerships to move fixes through the release pipeline without stalling on organizational boundaries. - Verify fix completeness and guard against incomplete mitigations before release. Drive the CVE & Coordinated Disclosure Process - Lead ServiceNow's CVE disclosure process-owning CVE assignment, scoring, advisory content, and publication timing. - Collaborate with external security partners, vendors, and researchers on coordinated disclosures, aligning timelines and messaging across parties. - Conduct technical accuracy reviews of external advisories, researcher write-ups, and joint disclosure content to ensure correctness before publication. - Represent PSIRT's technical position in multi-party coordinated disclosures and researcher engagements. Pursue After-Action Outcomes & Continuous Improvement - Author postmortems and drive lessons learned to closure following product security incidents. - Participate in retrospectives following significant product security events, translating findings into concrete process and technical improvements. - Contribute to partner teams tracking product security risk themes and trends across the portfolio. - Contribute to SDLC improvement areas, feeding incident learnings upstream into secure development practices. Qualifications Qualifications - Minimum 12 years of related experience with a Bachelor's degree; or 8 years with a Master's degree; or a PhD with 5 years of experience; or equivalent experience. - Minimum 5 years of auditing source code for security vulnerabilities. - Demonstrated leadership during significant security events or major incidents, with willingness to participate in on-call. - Ability to read and comprehend Java and JavaScript code. - Strong understanding of common Java and JavaScript vulnerabilities. - Proficiency in scripting in both Python and JavaScript for data gathering, processing, and visualization. - Development of proof-of-concept exploits for web application vulnerabilities. - Written and verbal communication of complex security risk clearly to both technical teams and leadership. - Experience with leading fix implementation and release coordination across engineering, product, and test/release teams. - Proficiency in deep-dive product security investigations and root-cause analysis spanning design, code, configuration, and operational layers. - Exploit analysis and proof-of-concept development that distinguishes real exploitability from theoretical risk. - Familiarity with SDLC integration, CI/CD pipelines, SaaS threat models, and secure development practices. - Experience leading a CVE disclosure process, including CVE assignment, scoring (CVSS), and advisory publication. Preferred Qualifications - Experience in a PSIRT or similar function for a major software or SaaS platform. - Recognized expertise in product security incident response, vulnerability research, or application security within a software or SaaS environment. - Experience conducting vulnerability assessments on the ServiceNow platform. - Experience with emerging threats: AI-specific attack vectors, software supply chain security, and SDLC tooling security. - Experience with cloud infrastructure (AWS, Azure, GCP) and containerized environments. - Relevant security certifications (e.g., OSWE) or demonstrated equivalent expertise. #SecurityJobs For positions in this location, we offer a base pay of $201,300 - $352,300, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location. Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here . To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.

Related Categories

Related Job Pages

More Security Engineer Jobs

ServiceNow logo

Sr Enterprise Account Exec, Cybersecurity (Fed - COCOM/SOF)

ServiceNow

ServiceNow provides cloud-based services that automate enterprise information technology operations. As an employer, ServiceNow offers a challenging, collaborat

Full TimeRemoteTeam 29,000Since 2004

Company Description It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone-freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow- helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started. Join us to put AI to work for people. Armis from ServiceNow, protects the entire attack surface and manages an organization's cyber risk exposure in real time. Combined with ServiceNow's Security and Risk capabilities, as well as Identity Security capabilities from Veza, we bring together all critical capabilities to secure every asset, every identity - incl. AI Agents - across all environments with the right level of context - security, operational and business - to build the first of its kind autonomous defense platform for the Agentic Enterprise. Job Description You will produce new business sales revenue from a SaaS license model. You will accomplish this through account planning, territory planning, researching prospect customers, using business development strategies and completing field-based sales activities within a defined set of prospects, territory or vertical. What you get to do in this role: The ideal candidate is a seasoned closer who understands the mission-critical nature of asset visibility-from the tactical edge to the cloud-and has the established relationships to navigate classified procurement cycles. - Execute Mission-Driven Sales: Build and manage a robust pipeline of opportunities within the COCOM's/SOF moving from initial discovery to enterprise-wide adoption. - Master the Hybrid Landscape: Evangelize the Armis Centrix™ platform as the authoritative source of truth for assets across on-prem, air-gapped, and Cloud-native environments. - Partner with Systems Integrators: Collaborate with the "Big 5" Federal Systems Integrators (FSIs) and specialized mission partners to include Armis in multi-year Programs of Record. - Navigate Procurement: Expertly manage the complexities of the MIP/NIP funding cycles and classified contract vehicles. - Deliver Technical Value: Work closely with Cleared Sales Engineers to demonstrate Armis's unique agentless visibility into IT, OT, IoT, and Cloud-native assets. Qualifications Clearance: Active TS/SCI Required (Full Scope Poly Preferred) To be successful in this role you have: - Experience: 10+ years of documented success in enterprise software or cybersecurity sales, specifically focused on the COCOM's and SOF community. - Local Presence: Must be based in the Tampa metro area to facilitate frequent on-site engagement in classified environments. - Cloud Proficiency: Proven experience selling cloud security (CSPM, CWPP) or hybrid-cloud infrastructure solutions to federal agencies. - Clearance: Active TS/SCI is mandatory. Candidates with an active Full Scope Poly (FSP) will be given high priority. - Network: An existing, high-level network of GS-15/SES and C-suite contacts within the COCOM's/SOF community. - Strategic Mindset: Ability to translate complex technical capabilities into mission-success outcomes for agency stakeholders. Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here . To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.

Florida
Full TimeRemoteTeam 201-500Since 2019H1B No Sponsor

• Provide professional installation, configuration, troubleshooting, and maintenance of security and smart home systems, including intrusion alarms, surveillance cameras, access control, and automation components. • Ensures all work is documented accurately, including system configuration, programming notes, and service logs. • Adheres to all safety standards, electrical codes, and security regulations during fieldwork. • Works closely with team members, project managers, and clients to ensure smooth installations and service visits. • Supports team coordination on large-scale projects and cross-trade integration. • Communicates clearly with internal staff and end users to ensure expectations are aligned and met. • Identifies potential installation challenges before they impact timelines or quality. • Keeps systems and tools organized and ready, anticipating parts or programming needs in advance. • Reports recurring technical issues or process inefficiencies and suggest solutions. • Stays current on evolving technologies in security, automation, and networking. • Goes the extra mile to ensure every system is tested thoroughly and functioning flawlessly. • Designs neat and efficient cable routes, panel layouts, and device placements.

United States
$30 - $40 / hour
Navitas Business Consulting, Inc. logo

Security & Endpoint Engineer

Navitas Business Consulting, Inc.

Achieving mission success through digital disruption.

Full TimeRemoteTeam 51-200Since 2006H1B No Sponsor

• Evaluate and perform proof-of-concept testing for browser extension security platforms. • Assess browser extensions, developer plugins, and AI-enabled tools for security and compliance risk. • Define extension governance, approval workflows, and allowlisting processes. • Implement monitoring, reporting, and visibility capabilities. • Support enforcement controls to prevent unauthorized extension usage and reduce data exfiltration risk. • Develop operational processes, documentation, and support models for ongoing management. • Support enterprise endpoint security initiatives across macOS, Windows & Linux. • Implement and maintain endpoint security controls and hardening standards. • Assist with vulnerability remediation and endpoint compliance activities. • Support Zero Trust and device trust initiatives. • Partner with endpoint engineering teams to balance security requirements with user experience. • Support implementation and operational management of PAM solutions such as Delinea. • Assist with privileged account governance, access reviews, and least privileged initiatives. • Participate in security assessments, audits, and compliance programs. • Produce operational documentation, runbooks, and implementation guides. • Develop automation and scripts to improve security operations and reduce manual effort. • Collaborate with Security, Corp Fleet, Infrastructure, and Identity teams for project success.

India
Full TimeRemoteTeam 10,001+Since 1957H1B No Sponsor

• Establishing, growing, and maintaining a strong presence within the assigned Security Sales Region. • Developing and maintaining strong customer relationships which foster sales and growth for the region. • Achieving and consistently exceeding monthly sales goals. • Regularly interacting with senior leaders and customers. • Monitoring and evaluating competitors’ activities and products.

North Carolina + 4 moreAll locations: North Carolina | South Carolina | Tennessee | Virginia | Wyoming
$85K - $95K / year